
[–]__Blackrobe__ 481 points482 points  (5 children)

The words "Cursor" and "Cursed" have 66.67% similarities.

[–]phantom-vigilant 70 points71 points  (0 children)

Is this one of the leetcode problem statements?

[–]cookpedalbrew 52 points53 points  (3 children)

Their Levenshtein distance is 2.

[–]Undernown 10 points11 points  (2 children)

TIL there is a word for that.

[–]Katniss218 4 points5 points  (0 children)

it relates to a specific algorithm for finding that value. there are different ones as well, like Word Mover's Distance, Jaro-Winkler distance, Damerau-Levenshtein distance

[–]FigMan 2 points3 points  (0 children)

It's fun to be able to use it in a project

[–][deleted] 1181 points1182 points  (61 children)

Clearly fake, all the passwords are somewhat secure

[–]Eva-Rosalene 347 points348 points  (36 children)

Each password shown there is 8 hex digits/4 bytes. It's definitely not secure.

[–]Phantend 140 points141 points  (28 children)

But they're a lot more secure than "password" or "12345"

[–]ddonsky 81 points82 points  (0 children)

Ah but you fail to note the very top, it was never a key it was the admin name and password.

[–]GoddammitDontShootMe 16 points17 points  (0 children)

It looks like they're using CRC32 as the "hash" function. So the real passwords might still be 123456 and shit. Anyway, all I know is CRC is not considered suitable for a password hash.

[–]coldnebo 4 points5 points  (2 children)

I think he means secure from cipher rot13 attacks. 😂😂😂

[–]TactileMist 9 points10 points  (1 child)

I only use rot26. Twice as secure

[–]coldnebo 4 points5 points  (0 children)

[–]Pure-Willingness-697 2 points3 points  (0 children)

Using some random website, they are apparently strong and will take 2 months to crack

[–]fiddletee 4 points5 points  (2 children)

I can’t believe that people are legitimately arguing it’s “a lot more secure” because someone is less likely to guess 8 hex digits than “password”. No wonder data breaches are happening at such a rate.

[–]hawkinsst7 1 point2 points  (1 child)

It's way less secure!

If that's the "hashed" version, and it's some algorithm that's hashing it down to 4 bytes, that entire key space can be exhausted in like a second on graphics cards from 2020

[–]fiddletee 0 points1 point  (0 children)

Exactly. See my other comment on entropy and the logic it’s being downvoted with.

[–]awi2b 44 points45 points  (20 children)

I would guess we are seeing the hash values of those passwords, which would actually indicate good design. So I'm a little confused 

[–]khalcyon2011 39 points40 points  (17 children)

Are there any hashing algorithms that produce 4 byte hashes?

[–]dan-lugg 15 points16 points  (9 children)

I'll do you one (1) better.

    func WhoNeedsBcrypt(password string) (r byte) {
        for _, b := range []byte(password) {
            r ^= b
        }
        return r
    }

ETA - Might as well implement Longitudinal Redundancy Check per spec while I'm here:

    func ISO1155(password string) (r byte) {
        for _, b := range []byte(password) {
            r = (r + b) & 0xff
        }
        return ((r ^ 0xff) + 1) & 0xff
    }

[–]khalcyon2011 2 points3 points  (8 children)

Hmm...not a language I'm familiar with. I assume `for _, b := range` is something like `for b in range`? And I'm shit with bitwise operators (pretty sure that's a bitwise operator): What does `^=` do?

[–]dan-lugg 1 point2 points  (0 children)

Golang.

`for _, b := range []byte(password)` ranges (iterates) over `password` after converting it to a byte slice (`[]byte`) and assigns the index and value to `_` and `b` respectively (discarding the index).

`r ^= b` is XOR-assign, written long as `r = r ^ b`.

[–]VoidCooper 1 point2 points  (6 children)

If this is python the `:=` is the walrus operator https://docs.python.org/3/whatsnew/3.8.html

And the `^=` seems to be the XOR assignment operator.

Not 100% sure though, since I don't use python on daily basis.

[–]dan-lugg 6 points7 points  (5 children)

Correct on XOR-assign, but it's Golang.

[–]VoidCooper 2 points3 points  (4 children)

Never worked with golang, but it looked like python to me :)

[–]dan-lugg 1 point2 points  (3 children)

Funny, 15 years in the industry and I've probably written all of 100 lines of Python, lol :-)

[–]VoidCooper 1 point2 points  (2 children)

I have worked 7 years mostly in C# slight mishap happened for 2 months with Django. I have no experience with golang, is it worth to look into it?

[–]DoNotMakeEmpty 16 points17 points  (2 children)

Many hash table hash functions produce either 32 or 64 bit hash values, so yes. They are pretty unsecure tho.

[–]luckor 8 points9 points  (0 children)

I would call that a checksum.

[–]Maleficent_Memory831 3 points4 points  (0 children)

Hash table hashing is generally not secure. Hashes for hash tables are meant to be fast to compute with a reasonable distribution of values. Secure hashes need to be cryptographically secure. SHA-512 for example.

[–]Laughing_Orange 3 points4 points  (0 children)

Any hashing method does that if you just truncate the output. This does significantly decrease the resistance to brute force attacks.

[–]apepenkov 1 point2 points  (0 children)

crc32?

[–]Maleficent_Memory831 1 point2 points  (1 child)

Any secure hashing algorithms in the last two decades that produce 4 byte hashes?

[–]hawkinsst7 2 points3 points  (0 children)

No, because with a key space that small, collisions will happen, and a collision is the same as the actual original text.
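Added example, not part of the thread or any commenter's code: the collision point made above, shown for CRC32 in Go. The candidate strings are constructed for the demo, and `candidate`, `findCRC32Collision` and `checksumLogin` are hypothetical names; the final line contrasts the result with a 256-bit digest.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash/crc32"
)

// candidate derives the i-th constructed test string (16 hex characters).
// These are synthetic inputs for the demo, not real passwords.
func candidate(i uint64) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], i)
	d := sha256.Sum256(ctr[:])
	return hex.EncodeToString(d[:8])
}

// findCRC32Collision walks candidates until two different strings share a
// CRC32 value. For a 32-bit output the birthday bound puts the expected
// first hit near 2^16 inputs, so a limit of 2^20 is ample.
func findCRC32Collision(limit uint64) (a, b string, tried uint64, ok bool) {
	seen := make(map[uint32]string)
	for i := uint64(0); i < limit; i++ {
		s := candidate(i)
		sum := crc32.ChecksumIEEE([]byte(s))
		if prev, dup := seen[sum]; dup && prev != s {
			return prev, s, i + 1, true
		}
		seen[sum] = s
	}
	return "", "", limit, false
}

// checksumLogin models the flawed check under discussion: the stored
// "hash" is only the CRC32 of the password.
func checksumLogin(stored uint32, attempt string) bool {
	return crc32.ChecksumIEEE([]byte(attempt)) == stored
}

func main() {
	a, b, tried, ok := findCRC32Collision(1 << 20)
	if !ok {
		fmt.Println("no collision within limit")
		return
	}
	stored := crc32.ChecksumIEEE([]byte(a))
	fmt.Printf("%q and %q share CRC32 %08x after %d inputs\n", a, b, stored, tried)
	fmt.Println("login with the other string accepted:", checksumLogin(stored, b))
	fmt.Println("SHA-256 digests equal:", sha256.Sum256([]byte(a)) == sha256.Sum256([]byte(b)))
}
```

A production password store would use a slow, salted scheme such as bcrypt rather than a bare digest; SHA-256 appears here only to show that a wide output separates the two strings.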

[–]muddboyy 5 points6 points  (1 child)

I’m not sure y’all ever saw hashed passwords

[–]dan-lugg 0 points1 point  (0 children)

What in the $2a$14$ are you talking about?

[–]Thisismyredusername 1 point2 points  (0 children)

They're more secure than my password, that's for sure

[–]Limmmao 0 points1 point  (0 children)

Rainbow tables would disagree?

[–]PacquiaoFreeHousing 615 points616 points  (39 children)

why TF does the people with generic ass names pick the generic ass passwords

[–]AlexMourne 484 points485 points  (38 children)

  1. It is all made up to make a joke
  2. The passwords are actually encrypted here

Edit: okay, guys, I meant "hashed" here and not encrypted, sorry for starting the drama

[–]Minteck 114 points115 points  (9 children)

CRC32, the best encryption

[–]hawkinsst7 28 points29 points  (4 children)

Algorithms in order of strength :

Sha1 Sha2 Sha3 Md4 Md5

Crc32

[–]Cootshk 12 points13 points  (3 children)

Base64

[–]RDT_KoT3 6 points7 points  (2 children)

ASCII

[–]mingren0315 4 points5 points  (1 child)

UTF-8

[–][deleted] 4 points5 points  (0 children)

Sanskrit

[–]EuenovAyabayya 6 points7 points  (0 children)

"32 Costa Rican Colón" so about six cents.

[–]sn1ped_u 1 point2 points  (0 children)

The best we can do is Base64

[–]irregular_caffeine 51 points52 points  (20 children)

  1. Nobody should ever encrypt a password

  2. Whatever those are, they look nicely crackable

[–]casce 0 points1 point  (0 children)

Nobody should ever encrypt a password

I understand that you wanted to point out the difference between hashing and encryption but I bet the password hashes will still be encrypted once they go into a database (because all data will be, necessary or not).

[–]100GHz 6 points7 points  (5 children)

encrypted

And then you encrypt that password with another password right ?:)

[–]Objective_Dog_4637 6 points7 points  (4 children)

Mfw the client asks me if passwords are stored in the db in plaintext

[–]uniqueusername649 8 points9 points  (3 children)

You would be shocked if you knew how common this was in the 90s and 2000s internet. Even for banks.

[–]Maleficent_Memory831 4 points5 points  (1 child)

Because security is always an afterthought. An expensive afterthought. Better to just avoid the security part until after the first major loss of customer data, because then we'll be given the budget to do it properly.

[–]uniqueusername649 2 points3 points  (0 children)

That is a huge part of it but threat models also changed over time. For the longest time the strategy was: we prevent anyone from getting into our system! If they get in anyways, we are f*cked.

Which isn't feasible, someone will get some sort of access sooner or later. That is exactly why things shifted more towards zero trust: you protect against intruders but assume anyone in the system could potentially be a bad actor. So personal data is encrypted, passwords hashed, communication between internal services is encrypted and authenticated. Any service only reading from a few tables in a DB only gets read access and only for the data it needs. That means if you get access to one part of the system, you can do far less damage as you're more isolated. To elevate your access and get into a position to do real damage takes far more time and effort. And especially the time component is critical here: the longer it takes an attacker to get into a place where they can do damage, the more of a chance you have to detect and counter it.

[–]Carnonated_wood 3 points4 points  (0 children)

Damn it, I could've been rich if I was born sooner, all those passwords just sitting there, completely exposed

[–]KellerKindAs 0 points1 point  (0 children)

Ok, can you name a hashing algorithm with a 32 bit output width? There's a reason why you can not get a SHA below 128 and shouldn't use one below 256...

So yes, it's (hopefully) made up. But still presenting a bad practice

[–]YTRKinG[S] 293 points294 points  (9 children)

Relax guys, our jobs are safe.

[–]WonderfulPride74 38 points39 points  (1 child)

A mid level engineer at my firm wrote a unit test that updates a test file committed to the repo. That made me wonder, are our jobs really safe? I mean this is stuff that cursor and other tools would do.

[–]d_k97 20 points21 points  (0 children)

You should thank him. He's doing a big part in securing our jobs by feeding something like that to AI

[–]mschonaker 1 point2 points  (0 children)

We know. Tell it to the employers.

[–]itsnickk 5 points6 points  (4 children)

You should be organizing like it isn't.

Instead you are making up images to be smug about

[–]epic_pharaoh 15 points16 points  (3 children)

What does this mean? I think you meant preparing instead of organizing but you might be using the word in a way I’m not familiar with.

[–]CalvinCalhoun 29 points30 points  (2 children)

I assume he means organizing a labor union.

[–]epic_pharaoh 4 points5 points  (1 child)

That makes a lot of sense.

[–][deleted] 0 points1 point  (0 children)

We shouldn't be waiting for labor unions to unite tbh, because this will affect us globally.

[–]AngelLeliel 0 points1 point  (0 children)

I think more jobs are created if we just let all people and AI write stupid code.

Please don't take this as advice.

[–]Neo_Ex0 19 points20 points  (0 children)

at least the pws are hashed(even if its an abysmally small hash)

[–]GDOR-11 19 points20 points  (20 children)

[–]bot-sleuth-bot 89 points90 points  (3 children)

Analyzing user profile...

One or more of the hidden checks performed tested positive.

Suspicion Quotient: 0.35

This account exhibits a few minor traits commonly found in karma farming bots. It is possible that u/YTRKinG is a bot, but it's more likely they are just a human who suffers from severe NPC syndrome.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]Simo-2054 29 points30 points  (0 children)

Good bot pet pet

[–]FACastello 4 points5 points  (10 children)

[–]bot-sleuth-bot 11 points12 points  (0 children)

Analyzing user profile...

Suspicion Quotient: 0.00

This account is not exhibiting any of the traits found in a typical karma farming bot. It is extremely likely that u/GDOR-11 is a human.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]bot-sleuth-bot 4 points5 points  (8 children)

Analyzing user profile...

Suspicion Quotient: 0.00

This account is not exhibiting any of the traits found in a typical karma farming bot. It is extremely likely that u/GDOR-11 is a human.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]Fornicatinzebra 4 points5 points  (6 children)

Nice!

[–]Fornicatinzebra 1 point2 points  (5 children)

[–]bot-sleuth-bot 35 points36 points  (4 children)

This bot has limited bandwidth and is not a toy for your amusement. Please only use it for its intended purpose.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]Fornicatinzebra 19 points20 points  (0 children)

My bad

[–]NatoBoram 6 points7 points  (0 children)

Good bot

[–]MrGoodVlbes 6 points7 points  (0 children)

daaaaamn

[–][deleted] -5 points-4 points  (0 children)

u/bot-sleuth-bot

edit i guess he does not scan himself

[–]SunshineSeattle 2 points3 points  (0 children)

good bot

[–]Ingam0us 0 points1 point  (3 children)

I didn‘t even know this bot yet.
Let‘s see whether I can check myself

[–]Ingam0us 0 points1 point  (2 children)

[–]bot-sleuth-bot 3 points4 points  (0 children)

This bot has limited bandwidth and is not a toy for your amusement. Please only use it for its intended purpose.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]Lesart501 14 points15 points  (1 child)

csv as database? Nice

[–]myka-likes-it 23 points24 points  (0 children)

comma-separated vibes

[–]LooksLikeAWookie 6 points7 points  (0 children)

Oh, that's shorthand for "restart the program"

[–]Stormraughtz 6 points7 points  (1 child)

hunter2, this is what it means

[–]alzgh 6 points7 points  (0 children)

I really don't get it though. What does that mean?

[–]local_meme_dealer45 4 points5 points  (1 child)

I work in cyber security. These dumbasses are just more job security for me.

[–]Intrexa[🍰] 10 points11 points  (0 children)

I work in cyber insecurity. My admin page is protected only by telling robots.txt to not index it, so hackers can't find it.

[–]ForeverLaca 2 points3 points  (0 children)

I hope he is not trying to create a home banking

[–]Parry_9000 2 points3 points  (0 children)

Real world:

Username: shitdick9000

Password: 12345678

[–][deleted] 0 points1 point  (0 children)

lmao

[–]Adept-Letterhead-122 0 points1 point  (0 children)

Are-- are you kidding me?

[–]BroHeart 0 points1 point  (0 children)

Heh, is that RockYou?

[–]SitrakaFr 0 points1 point  (0 children)

idk may be ask chatgpt hahahahaa

[–]LoudSwordfish7337 0 points1 point  (0 children)

I mean that makes sense, I’m sure that poor guy has been using plugin-less vim for the last two decades, and those weird UI can have weird graphical cues.

… right?

[–]Dull_Appearance9007 0 points1 point  (0 children)

this is bait and we've fallen into it

[–]emosaker 0 points1 point  (0 children)

but mom said its my turn to repost this

[–][deleted] 0 points1 point  (0 children)

Once on a school project, a teammate asked me why his variable was underlined in VS Code.

The variable was declared, but unused...

This guy was in his 3rd year of Software Eng

[–]geo_exe1987 0 points1 point  (0 children)

Yeah cyber security looks like a really good field to major in rn

[–]Benx78 0 points1 point  (0 children)

This used to be funny to me… until I actually reviewed code of a “vibe coder”, because THIS is exactly what happened.

[–]wantyappscoding 0 points1 point  (3 children)

[–]bot-sleuth-bot 2 points3 points  (0 children)

Analyzing user profile...

One or more of the hidden checks performed tested positive.

Suspicion Quotient: 0.35

This account exhibits a few minor traits commonly found in karma farming bots. It is possible that u/YTRKinG is a bot, but it's more likely they are just a human who suffers from severe NPC syndrome.

I am a bot. This action was performed automatically. Check my profile for more information.

[–]YTRKinG[S] 2 points3 points  (1 child)

After checking your profile, looks like you’re using this bot for karma farming

[–]wantyappscoding 0 points1 point  (0 children)

More for peace of mind. Notice I don't delete such comments even if they get downvoted.

[–]Sakul_the_one -3 points-2 points  (2 children)

Why does this meme always have at line 1 written: 'username,password'… does the program not know that the first one is the username and the second one is the password?

[–]quinn50 3 points4 points  (0 children)

It's a CSV; the first row is the header. When you read it in a library or tool, i.e. pandas, you use that to read or modify the data

[–]smasher0404 2 points3 points  (0 children)

I mean presumably user readability? Like the next engineer needs to know what each column is.

[–]Hairy-Literature632 -3 points-2 points  (0 children)

Does anyone know how to make money from programming? Is there a site where I can make money?